Many on-line or web-base applications or services such as a blog post box, a comment box, a TODO list, a virtual pin board or a social bookmarking service rely on user inputs as part of the services. In may situations, anonymous inputs is not possible or allowed. That is, a user is required to provide identity information and have identity information authenticated before such input can be submitted or accepted. The user may be required to have had registered an account with the application or service, and be authenticated by logging in with the user identity and credential information such as username and password associated with the account. Or, the user may get authenticated through a third-party authentication service provider or a secondary system (e.g., OpenID provider) by making service calls to the third party authentication provider or the secondary system using the user's identity and credential information associated with the third-party authentication provider.
Such methods and systems of prior arts requiring upfront authentication steps prior to the submission of inputs can be problematic for a couple of reasons. First, the added overhead of extra steps of authentication and waiting for response from authentication not only cuts into the user-application interaction flow, but also can be cumbersome for users, especially when only a few mouse clicks or a few words of typing are generally involved in an input request to an on-line application or service (e.g., an on-line virtual pin board or a social bookmarking service). Some applications or services may choose the approach of authenticated once, and reuse the authentication in subsequent input requests until the session expires or the user logout. This approach still does not reduce the overhead much when the user input requests are no more than a couple times during the authenticated session. In addition, keeping the authenticated session longer time can increase risk of the user account security, especially when a user is using a public computer, a persistent login method or session for input purpose may subject the user account to unauthorized access. Furthermore, there are security and privacy concerns when employing third-party authentication and the user has to share or transmit the user's third-party account information.